X-Git-Url: http://git.annexia.org/?p=libguestfs.git;a=blobdiff_plain;f=src%2Finspect.c;h=bd6d1895a9bdbabb50c379af6ce38007b47ac94a;hp=3c4c619bac4b0aeebe3a9804e3058705132861df;hb=e44cf42f362d793c47d892a18a6853d88abd6ecb;hpb=528cd8f64176ca50f5b82db5682b0ee31833b162
diff --git a/src/inspect.c b/src/inspect.c
index 3c4c619..bd6d189 100644
--- a/src/inspect.c
+++ b/src/inspect.c
@@ -629,6 +629,14 @@ static int
 check_fstab (guestfs_h *g, struct inspect_fs *fs)
 {
 int r;
+ int64_t size;
+
+ /* Security: Refuse to do this if /etc/fstab is huge. */
+ size = guestfs_filesize (g, "/etc/fstab");
+ if (size == -1 || size > 100000) {
+ error (g, _("size of /etc/fstab unreasonable (%" PRIi64 " bytes)"), size);
+ return -1;
+ }

 /* XXX What if !feature_available (g, "augeas")? */
 if (guestfs_aug_init (g, "/", 16|32) == -1)
@@ -942,6 +950,14 @@ check_windows_registry (guestfs_h *g, struct inspect_fs *fs)
 hive_h *h = NULL;
 hive_value_h *values = NULL;

+ /* Security: Refuse to download registry if it is huge. */
+ int64_t size = guestfs_filesize (g, software_path);
+ if (size == -1 || size > 100000000) {
+ error (g, _("size of %s unreasonable (%" PRIi64 " bytes)"),
+ software_path, size);
+ goto out;
+ }
+
 if (mkdtemp (dir) == NULL) {
 perrorf (g, "mkdtemp");
 goto out;
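Review bot: The new guard in check_fstab treats a failed `guestfs_filesize` call and an oversized file as the same case, so a lookup failure is reported as "size of /etc/fstab unreasonable (-1 bytes)". If guestfs_filesize already records its own error in the handle (likely, since the `guestfs_aug_init` call just below is tested against -1 inside this hunk, but not confirmed here), that more specific error is replaced by the misleading one. Split the test into `if (size == -1) return -1;` followed by `if (size > 100000) { ... }`, so the size message is only printed for a real size. The check_windows_registry hunk has the same combined condition (`size == -1 || size > 100000000`) and needs the same split, with `goto out;` in place of the return. check_fstab's body continues past the end of this hunk.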
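Review bot: The limit `100000000` in check_windows_registry is a bare literal whose magnitude is hard to check by eye, and the fstab limit `100000` in the previous hunk is a second unexplained one. Both are security bounds on data taken from the guest image, so they deserve a name and a comment saying why the value was chosen, for example `#define MAX_REGISTRY_SIZE (100 * 1000 * 1000)` near the top of the file and `size > MAX_REGISTRY_SIZE` here, with a matching constant for /etc/fstab. The `out:` label and the rest of the function are outside the hunk. Please confirm the cleanup there is still correct when reached from this new `goto out`, which runs before `mkdtemp (dir)` has been called.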